OCID (CRI-O) is a container runtime to be used with the Kubernetes Kublet. Specifically, it implements the Kubelet Container Runtime Interface (CRI) using OCI conformant runtimes. The goal of the OCID is to optimize running of containers in production, via Kubernetes and OpenShift.

At a high level, we expect the scope of OCID:

Support multiple image formats including the existing Docker image format

Support for multiple means to download images including trust & image verification

Second part of the talk will cover Container Security. We will cover all parts of container security from the importance of the kernel, to where you should run your containers, container separation and what you should run inside